Posted to commits@ws.apache.org by gi...@apache.org on 2013/07/15 12:07:43 UTC
svn commit: r1503161 - in /webservices/wss4j/trunk:
ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/
ws-security-dom/src/main/java/org/apache/wss4j/dom/util/
ws-security-stax/src/main/java/org/apache/wss4j/stax/
ws-security-stax/src/main/jav...
Author: giger
Date: Mon Jul 15 10:07:43 2013
New Revision: 1503161
URL: http://svn.apache.org/r1503161
Log:
revert commit 1470872 (use action based approach again) and fix for WSS-446 - Enable SignatureConfirmation without a Signature
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/HeaderOrderingTest.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureConfirmationTest.java
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java?rev=1503161&r1=1503160&r2=1503161&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java Mon Jul 15 10:07:43 2013
@@ -92,8 +92,9 @@ public abstract class WSHandler {
}
boolean enableSigConf = decodeEnableSignatureConfirmation(reqData);
- wssConfig.setEnableSignatureConfirmation(enableSigConf);
-
+ wssConfig.setEnableSignatureConfirmation(
+ enableSigConf || ((doAction & WSConstants.SC) != 0)
+ );
wssConfig.setPasswordsAreEncoded(decodeUseEncodedPasswords(reqData));
wssConfig.setPrecisionInMilliSeconds(
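Review bot: The expression `enableSigConf || ((doAction & WSConstants.SC) != 0)` is written out in full here and again in the hunk at -273, with no comment explaining that the SC action bit now switches signature confirmation on even when the boolean option is unset. The second site sits next to `setTimeStampStrict` and `setRequiredPasswordType`, so it appears to configure the receiving side; if the two copies ever drift, confirmation checking could be silently disabled on one path. A small private helper used by both call sites would prevent that, or at minimum add a comment above each call such as `// the SC action implies signature confirmation, independent of the boolean option`. Both enclosing methods start and end outside the hunks.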
@@ -273,7 +274,9 @@ public abstract class WSHandler {
wssConfig = secEngine.getWssConfig();
}
boolean enableSigConf = decodeEnableSignatureConfirmation(reqData);
- wssConfig.setEnableSignatureConfirmation(enableSigConf);
+ wssConfig.setEnableSignatureConfirmation(
+ enableSigConf || ((doAction & WSConstants.SC) != 0)
+ );
wssConfig.setTimeStampStrict(decodeTimestampStrict(reqData));
String passwordType = decodePasswordType(reqData);
wssConfig.setRequiredPasswordType(passwordType);
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java?rev=1503161&r1=1503160&r2=1503161&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java Mon Jul 15 10:07:43 2013
@@ -974,6 +974,9 @@ public final class WSSecurityUtil {
} else if (single[i].equals(WSHandlerConstants.USERNAME_TOKEN_SIGNATURE)) {
doAction |= WSConstants.UT_SIGN;
actions.add(WSConstants.UT_SIGN);
+ } else if (single[i].equals(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION)) {
+ doAction |= WSConstants.SC;
+ actions.add(WSConstants.SC);
} else {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty",
"Unknown action defined: " + single[i]
@@ -1028,6 +1031,9 @@ public final class WSSecurityUtil {
} else if (single[i].equals(WSHandlerConstants.USERNAME_TOKEN_SIGNATURE)) {
doAction |= WSConstants.UT_SIGN;
actions.add(WSConstants.UT_SIGN);
+ } else if (single[i].equals(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION)) {
+ doAction |= WSConstants.SC;
+ actions.add(WSConstants.SC);
} else {
try {
int parsedAction = Integer.parseInt(single[i]);
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java?rev=1503161&r1=1503160&r2=1503161&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ConfigurationConverter.java Mon Jul 15 10:07:43 2013
@@ -112,6 +112,12 @@ public final class ConfigurationConverte
actions.add(WSSConstants.KERBEROS_TOKEN);
}
}
+
+ boolean sigConf =
+ decodeBooleanConfigValue(ConfigurationConstants.ENABLE_SIGNATURE_CONFIRMATION, false, config);
+ if (sigConf) {
+ actions.add(WSSConstants.SIGNATURE_CONFIRMATION);
+ }
Action[] actionArray = new Action[actions.size()];
properties.setOutAction(actions.toArray(actionArray));
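Review bot: Mapping `ENABLE_SIGNATURE_CONFIRMATION` to a `SIGNATURE_CONFIRMATION` action in this block schedules the element for output, but nothing here adds it to the signed parts, and the WSSec.java section of this commit removes the automatic `addSignaturePart(new SecurePart(WSSConstants.TAG_wsse11_SignatureConfirmation, SecurePart.Modifier.Element))`. A configuration-driven caller that also configures a signature action would therefore emit a confirmation that the signature does not cover unless it lists the element among its signature parts itself, as the updated tests do by hand. An unsigned confirmation gives the requester no integrity guarantee for the echoed signature values. Consider calling `properties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsse11_SignatureConfirmation, SecurePart.Modifier.Element));` inside `if (sigConf) { ... }`, or add a comment there stating that callers must add the part explicitly. Whether signature parts are populated elsewhere in ConfigurationConverter is not visible in this hunk, and the enclosing method extends beyond it.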
@@ -353,9 +359,9 @@ public final class ConfigurationConverte
Map<String, Object> config,
WSSSecurityProperties properties
) {
+ //outbound sigConf is configured as an Action, see parseActions()
boolean sigConf =
decodeBooleanConfigValue(ConfigurationConstants.ENABLE_SIGNATURE_CONFIRMATION, false, config);
- properties.setEnableSignatureConfirmation(sigConf);
properties.setEnableSignatureConfirmationVerification(sigConf);
boolean mustUnderstand =
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java?rev=1503161&r1=1503160&r2=1503161&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/WSSec.java Mon Jul 15 10:07:43 2013
@@ -22,11 +22,14 @@ import java.net.URISyntaxException;
import org.apache.wss4j.common.crypto.WSProviderConfig;
import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.stax.ext.*;
+import org.apache.wss4j.stax.ext.InboundWSSec;
+import org.apache.wss4j.stax.ext.OutboundWSSec;
+import org.apache.wss4j.stax.ext.WSSConfigurationException;
+import org.apache.wss4j.stax.ext.WSSConstants;
+import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.config.Init;
-import org.apache.xml.security.stax.ext.SecurePart;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
/**
@@ -100,11 +103,6 @@ public class WSSec {
throw new WSSConfigurationException(WSSConfigurationException.ErrorCode.FAILURE, "noOutputAction");
}
- //todo encrypt sigconf when original signature was encrypted
- if (securityProperties.isEnableSignatureConfirmation()) {
- securityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsse11_SignatureConfirmation, SecurePart.Modifier.Element));
- }
-
for (int i = 0; i < securityProperties.getOutAction().length; i++) {
XMLSecurityConstants.Action action = securityProperties.getOutAction()[i];
if (WSSConstants.TIMESTAMP.equals(action)) {
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java?rev=1503161&r1=1503160&r2=1503161&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/OutboundWSSec.java Mon Jul 15 10:07:43 2013
@@ -175,6 +175,11 @@ public class OutboundWSSec {
final WSSSignatureOutputProcessor signatureOutputProcessor = new WSSSignatureOutputProcessor();
initializeOutputProcessor(outputProcessorChain, signatureOutputProcessor, action);
+ } else if (WSSConstants.SIGNATURE_CONFIRMATION.equals(action)) {
+ final SignatureConfirmationOutputProcessor signatureConfirmationOutputProcessor =
+ new SignatureConfirmationOutputProcessor();
+ initializeOutputProcessor(outputProcessorChain, signatureConfirmationOutputProcessor, action);
+
} else if (WSSConstants.SIGNATURE_WITH_DERIVED_KEY.equals(action)) {
final BinarySecurityTokenOutputProcessor binarySecurityTokenOutputProcessor =
new BinarySecurityTokenOutputProcessor();
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java?rev=1503161&r1=1503160&r2=1503161&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java Mon Jul 15 10:07:43 2013
@@ -277,6 +277,7 @@ public class WSSConstants extends XMLSec
public static final Action TIMESTAMP = new Action(ConfigurationConstants.TIMESTAMP);
public static final Action USERNAMETOKEN = new Action(ConfigurationConstants.USERNAME_TOKEN);
public static final Action USERNAMETOKEN_SIGNED = new Action(ConfigurationConstants.USERNAME_TOKEN_SIGNATURE);
+ public static final Action SIGNATURE_CONFIRMATION = new Action("SignatureConfirmation");
public static final Action SIGNATURE_WITH_DERIVED_KEY = new Action("SignatureWithDerivedKey");
public static final Action ENCRYPT_WITH_DERIVED_KEY = new Action("EncryptWithDerivedKey");
public static final Action SAML_TOKEN_SIGNED = new Action(ConfigurationConstants.SAML_TOKEN_SIGNED);
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java?rev=1503161&r1=1503160&r2=1503161&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java Mon Jul 15 10:07:43 2013
@@ -89,7 +89,6 @@ public class WSSSecurityProperties exten
private WSSCrypto signatureWSSCrypto;
private String signatureUser;
- private boolean enableSignatureConfirmation = false;
private boolean enableSignatureConfirmationVerification = false;
private boolean includeSignatureToken;
private WSSCrypto signatureVerificationWSSCrypto;
@@ -135,7 +134,6 @@ public class WSSSecurityProperties exten
this.derivedKeyTokenReference = wssSecurityProperties.derivedKeyTokenReference;
this.signatureWSSCrypto = wssSecurityProperties.signatureWSSCrypto;
this.signatureUser = wssSecurityProperties.signatureUser;
- this.enableSignatureConfirmation = wssSecurityProperties.enableSignatureConfirmation;
this.enableSignatureConfirmationVerification = wssSecurityProperties.enableSignatureConfirmationVerification;
this.includeSignatureToken = wssSecurityProperties.includeSignatureToken;
this.signatureVerificationWSSCrypto = wssSecurityProperties.signatureVerificationWSSCrypto;
@@ -245,14 +243,6 @@ public class WSSSecurityProperties exten
this.usernameTokenPasswordType = usernameTokenPasswordType;
}
- public boolean isEnableSignatureConfirmation() {
- return enableSignatureConfirmation;
- }
-
- public void setEnableSignatureConfirmation(boolean enableSignatureConfirmation) {
- this.enableSignatureConfirmation = enableSignatureConfirmation;
- }
-
public boolean isEnableSignatureConfirmationVerification() {
return enableSignatureConfirmationVerification;
}
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java?rev=1503161&r1=1503160&r2=1503161&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java Mon Jul 15 10:07:43 2013
@@ -30,7 +30,6 @@ import javax.xml.stream.XMLStreamExcepti
import javax.xml.stream.events.Attribute;
import org.apache.wss4j.stax.ext.WSSConstants;
-import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.ext.WSSUtils;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.OutputProcessorChain;
@@ -57,17 +56,7 @@ public class WSSSignatureOutputProcessor
@Override
public void init(OutputProcessorChain outputProcessorChain) throws XMLSecurityException {
- //prepend signature-confirmation processor
- if (((WSSSecurityProperties)getSecurityProperties()).isEnableSignatureConfirmation()) {
- final SignatureConfirmationOutputProcessor signatureConfirmationOutputProcessor =
- new SignatureConfirmationOutputProcessor();
- signatureConfirmationOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
- signatureConfirmationOutputProcessor.setAction(getAction());
- signatureConfirmationOutputProcessor.init(outputProcessorChain);
- }
-
super.init(outputProcessorChain);
-
WSSSignatureEndingOutputProcessor signatureEndingOutputProcessor = new WSSSignatureEndingOutputProcessor(this);
signatureEndingOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
signatureEndingOutputProcessor.setAction(getAction());
Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java?rev=1503161&r1=1503160&r2=1503161&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java Mon Jul 15 10:07:43 2013
@@ -172,12 +172,6 @@ public abstract class AbstractTestBase {
protected Map<String, Object> doOutboundSecurityWithWSS4J_1(
InputStream sourceDocument, String action, final Properties properties
) throws WSSecurityException, TransformerException {
- return doOutboundSecurityWithWSS4J_1(sourceDocument, action, properties, true);
- }
-
- protected Map<String, Object> doOutboundSecurityWithWSS4J_1(
- InputStream sourceDocument, String action, final Properties properties, boolean isRequest
- ) throws WSSecurityException, TransformerException {
CustomWSS4JHandler wss4JHandler = new CustomWSS4JHandler();
final Map<String, Object> messageContext = getMessageContext(sourceDocument);
messageContext.put(WSHandlerConstants.ACTION, action);
@@ -214,7 +208,7 @@ public abstract class AbstractTestBase {
requestData.setCallbackHandler(new WSS4JCallbackHandlerImpl());
requestData.setWssConfig(WSSConfig.getNewInstance());
- wss4JHandler.doSender(messageContext, requestData, isRequest);
+ wss4JHandler.doSender(messageContext, requestData, true);
return messageContext;
}
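Review bot: Hard-coding the last argument in `wss4JHandler.doSender(messageContext, requestData, true)` means every caller of this helper now runs the DOM sender as a request. The removed overload named that parameter `isRequest`, and the SignatureConfirmationTest hunk at -192, which used to pass `false`, is switched to this method in the same commit. If the response-side sender path is still meant to be covered by these tests, keep the parameter; otherwise record the reason with a comment such as `// always a request: signature confirmation is now selected through the action list`. The method begins outside this hunk.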
Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/HeaderOrderingTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/HeaderOrderingTest.java?rev=1503161&r1=1503160&r2=1503161&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/HeaderOrderingTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/HeaderOrderingTest.java Mon Jul 15 10:07:43 2013
@@ -617,7 +617,7 @@ public class HeaderOrderingTest extends
baos = new ByteArrayOutputStream();
{
WSSSecurityProperties securityProperties = new WSSSecurityProperties();
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.SIGNATURE, WSSConstants.USERNAMETOKEN, WSSConstants.TIMESTAMP};
+ WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.SIGNATURE, WSSConstants.SIGNATURE_CONFIRMATION, WSSConstants.USERNAMETOKEN, WSSConstants.TIMESTAMP};
securityProperties.setOutAction(actions);
securityProperties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference);
securityProperties.addSignaturePart(
@@ -627,12 +627,14 @@ public class HeaderOrderingTest extends
new SecurePart(new QName(WSSConstants.NS_WSU10, "Timestamp"), SecurePart.Modifier.Element)
);
securityProperties.addSignaturePart(
+ new SecurePart(WSSConstants.TAG_wsse11_SignatureConfirmation, SecurePart.Modifier.Element)
+ );
+ securityProperties.addSignaturePart(
new SecurePart(new QName(WSSConstants.NS_SOAP11, "Body"), SecurePart.Modifier.Element)
);
securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
securityProperties.setSignatureUser("receiver");
securityProperties.setTokenUser("transmitter");
- securityProperties.setEnableSignatureConfirmation(true);
securityProperties.setCallbackHandler(new CallbackHandlerImpl());
OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
@@ -649,8 +651,8 @@ public class HeaderOrderingTest extends
Assert.assertEquals(childs.getLength(), 5);
Assert.assertEquals(childs.item(0).getLocalName(), "Timestamp");
Assert.assertEquals(childs.item(1).getLocalName(), "UsernameToken");
- Assert.assertEquals(childs.item(2).getLocalName(), "BinarySecurityToken");
- Assert.assertEquals(childs.item(3).getLocalName(), "SignatureConfirmation");
+ Assert.assertEquals(childs.item(2).getLocalName(), "SignatureConfirmation");
+ Assert.assertEquals(childs.item(3).getLocalName(), "BinarySecurityToken");
Assert.assertEquals(childs.item(4).getLocalName(), "Signature");
NodeList sigReferences = document.getElementsByTagNameNS(WSConstants.SIG_NS, "Reference");
Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureConfirmationTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureConfirmationTest.java?rev=1503161&r1=1503160&r2=1503161&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureConfirmationTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureConfirmationTest.java Mon Jul 15 10:07:43 2013
@@ -100,12 +100,12 @@ public class SignatureConfirmationTest e
baos = new ByteArrayOutputStream();
{
WSSSecurityProperties securityProperties = new WSSSecurityProperties();
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.SIGNATURE};
+ WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.SIGNATURE_CONFIRMATION, WSSConstants.SIGNATURE};
securityProperties.setOutAction(actions);
securityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Element));
+ securityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsse11_SignatureConfirmation, SecurePart.Modifier.Element));
securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
securityProperties.setSignatureUser("receiver");
- securityProperties.setEnableSignatureConfirmation(true);
securityProperties.setCallbackHandler(new CallbackHandlerImpl());
OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
@@ -145,6 +145,91 @@ public class SignatureConfirmationTest e
@SuppressWarnings("unchecked")
@Test
+ public void testDefaultConfigurationInboundUnsignedConfirmation() throws Exception {
+
+ List<byte[]> sigv;
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ {
+ InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+ String action = WSHandlerConstants.SIGNATURE;
+ Properties properties = new Properties();
+ properties.setProperty(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
+ Map<String, Object> messageContext = doOutboundSecurityWithWSS4J_1(sourceDocument, action, properties);
+ sigv = (List<byte[]>) messageContext.get(WSHandlerConstants.SEND_SIGV);
+ Document securedDocument = (Document) messageContext.get(SECURED_DOCUMENT);
+
+ //some test that we can really sure we get what we want from WSS4J
+ NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
+ Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+
+ javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+ transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
+ }
+
+ final List<SecurityEvent> securityEventList = new ArrayList<SecurityEvent>();
+ //done signature; now test sig-verification:
+ {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
+
+ SecurityEventListener securityEventListener = new SecurityEventListener() {
+ @Override
+ public void registerSecurityEvent(SecurityEvent securityEvent) throws WSSecurityException {
+ securityEventList.add(securityEvent);
+ }
+ };
+
+ XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())), new ArrayList<SecurityEvent>(), securityEventListener);
+
+ Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
+
+ //header element must still be there
+ NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
+ Assert.assertEquals(nodeList.getLength(), 1);
+ Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+ }
+
+ //so we have a request generated, now do the response:
+ baos = new ByteArrayOutputStream();
+ {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.SIGNATURE_CONFIRMATION};
+ securityProperties.setOutAction(actions);
+ securityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap11_Body, SecurePart.Modifier.Element));
+ securityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsse11_SignatureConfirmation, SecurePart.Modifier.Element));
+ securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ securityProperties.setSignatureUser("receiver");
+ securityProperties.setCallbackHandler(new CallbackHandlerImpl());
+
+ OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
+ XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, "UTF-8", securityEventList);
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+
+ Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
+ NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
+ Assert.assertEquals(nodeList.getLength(), 0);
+
+ nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_wsse11_SignatureConfirmation.getNamespaceURI(), WSSConstants.TAG_wsse11_SignatureConfirmation.getLocalPart());
+ Assert.assertEquals(nodeList.getLength(), 1);
+ Assert.assertNotSame(((Element) nodeList.item(0)).getAttributeNS(null, WSSConstants.ATT_NULL_Value.getLocalPart()), "");
+ Assert.assertNotNull(((Element) nodeList.item(0)).getAttributeNS(null, WSSConstants.ATT_wsu_Id.getLocalPart()), "");
+ Assert.assertTrue(((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_wsu_Id.getNamespaceURI(), WSSConstants.ATT_wsu_Id.getLocalPart()).length() > 0);
+ }
+
+ //verify SigConf response:
+ {
+ String action = "";
+ Properties properties = new Properties();
+ properties.put(WSHandlerConstants.SEND_SIGV, sigv);
+ doInboundSecurityWithWSS4J_1(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action, properties, true);
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ @Test
public void testDefaultConfigurationOutbound() throws Exception {
final List<SecurityEvent> securityEventList = new ArrayList<SecurityEvent>();
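Review bot: Two assertions on the SignatureConfirmation element in the new `testDefaultConfigurationInboundUnsignedConfirmation` cannot fail, so the `Value` and `Id` attributes are not actually checked. `Assert.assertNotSame(..., "")` compares object identity rather than string content, and DOM `getAttributeNS` returns an empty string, not null, for a missing attribute, so `Assert.assertNotNull(..., "")` always passes as well. Because this test is what pins the confirmation-without-signature behaviour, use a content check in the same form as the line that follows them, e.g. `Assert.assertTrue(((Element) nodeList.item(0)).getAttributeNS(null, WSSConstants.ATT_NULL_Value.getLocalPart()).length() > 0);`. A negative case in which the final verification step is expected to reject a confirmation whose `Value` does not match the stored `SEND_SIGV` entry would also strengthen it. The hunk ends inside `testDefaultConfigurationOutbound`, which continues outside it.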
@@ -192,11 +277,10 @@ public class SignatureConfirmationTest e
baos = new ByteArrayOutputStream();
{
InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- String action = WSHandlerConstants.SIGNATURE;
+ String action = WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION + " " + WSHandlerConstants.SIGNATURE;
Properties properties = new Properties();
- properties.setProperty(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
properties.put(WSHandlerConstants.RECV_RESULTS, wsHandlerResult);
- Map<String, Object> messageContext = doOutboundSecurityWithWSS4J_1(sourceDocument, action, properties, false);
+ Map<String, Object> messageContext = doOutboundSecurityWithWSS4J_1(sourceDocument, action, properties);
Document securedDocument = (Document) messageContext.get(SECURED_DOCUMENT);
//some test that we can really sure we get what we want from WSS4J
@@ -306,6 +390,7 @@ public class SignatureConfirmationTest e
transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
}
+ //verify SigConf response:
{
WSSSecurityProperties securityProperties = new WSSSecurityProperties();
securityProperties.setEnableSignatureConfirmationVerification(true);